2016 european anti-hacking technology for connected cars new … · 2016-06-06 · experienced...

2016 European Anti-Hacking Technology for Connected Cars

New Product Innovation Award

2016

EUROPEAN ANTI-HACKING TECHNOLOGY FOR CONNECTED CARSNEW PRODUCT INNOVATION AWARD

2016

BEST PRACTICES RESEARCH

© Frost & Sullivan 2016 1 “We Accelerate Growth”

Contents Background and Company Performance ........................................................................ 2

Industry Challenges .............................................................................................. 2

New Product Attributes and Customer Impact .......................................................... 3

Conclusion........................................................................................................... 7

Significance of New Product Innovation ......................................................................... 8

Understanding New Product Innovation ......................................................................... 8

Key Benchmarking Criteria .................................................................................... 9

Best Practice Award Analysis for Irdeto ......................................................................... 9

Decision Support Scorecard ................................................................................. 10

New Product Attributes ....................................................................................... 10

Customer Impact ............................................................................................... 10

Decision Support Matrix ...................................................................................... 11

The Intersection between 360-Degree Research and Best Practices Awards ..................... 12

Research Methodology ........................................................................................ 12

About Frost & Sullivan .............................................................................................. 13



Background and Company Performance

Industry Challenges

Historically the primary focus of the automotive ecosystem has related to original equipment manufacturers (OEMs), dealers, and Tier I suppliers with minimal attention paid to software companies, security specialists, solution providers, and integrators, but times are changing. In 2016, connected car security will continue as a topmost new challenge as well as an opportunity area for the automotive industry across Europe. In addition, autonomous vehicles and mobility will occupy significant attention, wherein ride sharing and dedicated short range communication (DSRC) field trials are key initiatives across different European countries. Going forward, the extended automotive ecosystem will work towards integrating technologies/applications around connected living, smart home, Internet of Things (IoT) and vehicle to everything (V2X). The automotive industry is ripe with robust growth opportunities, yet it faces diverse challenges that threaten its growth potential.

Automotive cybersecurity, over the air (OTA) updates, and the proliferation of non-automotive companies creating new revenue streams around intelligent mobility programs are key issues facing top management among traditional automotive participants. Automotive cybersecurity remains the key focus area amongst government, regulatory bodies, and consumers due to various hacking incidents across different regions. For instance, in 2015 the market witnessed a cyber-recall at Fiat Chrysler with over 1.4 million cars impacted. Indeed, the concept of distributed end-to-end security and providing quick remote updates is still nascent in the market, although OEMs are engaging with vendors for testing specific use cases like OTA/V2X.

A distinct key challenge is the increasing rate of connectivity. In-vehicle communication extends from infotainment to mobile-based communication, voice recognition, navigation, and communication with other vehicles and infrastructure, meaning that as the volume of connections increases, the system is more vulnerable to external hackers. Frost & Sullivan finds that at a global level, growth of connected cars from 2015 to 2016 is an expected 25.2%, from 17.8 million vehicles to 22.3 million vehicles. Ultimately, OEMs are pushing the industry towards connected cars with the idea of seamless IoT and a goal to realise revenue streams around Big Data. To this end, focus will centre on smart mobility models and seamless connection of cars, home, and office.

European OEMs are still struggling to develop the most appropriate and beneficial business models and features. Nonetheless, cybersecurity has become the key focus after Senator Markey’s report that highlighted the dearth of security measures adopted by different OEMs concerning data collection, privacy, and transmission of sensitive information to third parties. Formation of alliances like Deutsche Cyber-Sicherheitsorganisation GmbH (DCSO and), Cyber Security Consortium for Connected Vehicles (CCV) and private review boards will enable ecosystem participants to share best practices.



The automotive industry is a market with limited OEMs, but the software solution providers trying to introduce their solutions are numerous. Competitiveness favors the OEMs that enjoy strong bargaining powers and forcefully tend to change the solution providers’ business models. Automotive cyber security companies, therefore, need to deliver innovative products and quickly adopt proven best practices from other industries that will be applicable to connected car security.

New Product Attributes and Customer Impact

Irdeto has been providing cybersecurity solutions for over 45 years and is part of Naspers, a $56 billion market cap multinational media and Internet conglomerate. Irdeto is a global security provider in digital platform security, serving the world’s leading creators and distributors of video entertainment. Headquartered in the Netherlands, the company has offices across North America, Brazil, Europe, and Asia-Pacific. Irdeto has been protecting delivery of premium assets for some of the biggest media and device companies in the world.

Match to Needs

Smartphone, Internet, wireless, and cellular communications are continuously improving the life style of customers through various conveniences and services. Digitalization is the cause of large-scale and far-reaching transformations across multiple aspects of business, providing unparalleled opportunities for value creation while also opening up a major source of risk. Automotive executives including CEOs and CIOs, in turn, are contending with strategic implications of these transformations for their organizations, supply chain, and customers. From a security standpoint, the economic and societal implications of digitization are questioned and are raising serious concens about the wider impact of digital transformation. Since 2015, the automotive industry has witnessed several hacks across different countries, wherein the attacker was able to exploit various vulnerabilities in order to gain root access to a telematics unit or ODBII dongle that is connected to the CAN bus. In 2016, researcher Troy Hunt figured out that the Nissan Leaf smartphone app interface (API) uses only the vehicle identification number (VIN) to control car features remotely, without passwords. In other words, OEMs’ connected vehicles are hacker-friendly—researchers/hackers could easily run API commands, for example, to turn on a car's heated seats or lock/unlock doors, presumably executed from the other side of the world.

Irdeto’s expertise in the content protection space has involved dealing with professional hackers for 4 decades; therefore, it can easily translate its proven experience with digital security to address the automotive industry and connected cars. The Irdeto Cloakware for Automotive solution is based on the company’s core technology, which has over 20 years of innovation and refinement and is currently installed in more than 2 billion connected devices worldwide. This solution offers a full suite of features that not only protects the environment it secures from tampering by a hacker, but also protects itself from being reverse engineered and modified by a hacker. The protections realized are paired with both telemetry and dynamic policy management features which together enables the



investigation of incidents on connected cars. Irdeto's Cloakware for Automotive possesses the ability to affect measured responses to these incidents based on analysis of the details communicated through telemetry. Irdeto understands the unique approaches of non-ethical hackers which explain why the company does not rely on a perimeter security model but instead adopts an in-depth security strategy for connected cars.

Reliability

The digital transformation of the automotive industry is creating tremendous opportunities for North American and European technology and specialist companies as they confront OEMs and suppliers with huge challenges. The possibilities opened up by connected devices, software rich vehicles, tech savvy customers, and innovative business models are highly promising, yet the threat factors, security risks, and solution reliability are equally dramatic.

Connected cars do require robust crypto products like public key infrastructure (PKI), firewalls, anti-virus, and intrusion detection systems (IDS)/intrusion prevention system (IPS) solutions. However, Irdeto believe that in addition to those security technologies Tier 1 and OEMs need another layer as hackers are always getting root access at some point in time. Irdeto believes in deep level software security and security life cycle management which turns an OS into a secure operating environment through the use of “anti-hacking” technology. Irdeto’s core software security technology and in-depth security expertise is supported by 900+ technical experts spread across 26 countries. In particular, Irdeto leverages its “anti-hacking” technology from a holistic perspective, considering that hackers have complete access to vehicles (similar to jail breaking of a cell phone).

Irdeto's in-depth security approach backed by its digital media and IoT expertise in handling security protects vehicles against reverse engineering of applications and prevents hackers from injecting malicious code into vehicles/protected system. Irdeto’s solution for the automotive industry, Cloakware for Automotive, is built on the company's core software security technologies such as White Box cryptography and obfuscation which also protects the application data on the system, both during storage and while in use. The Irdeto solution is reliable for OEMs and Tier I suppliers in making it extremely difficult for hackers to extract software and valuable content across any environment.

Design

Industry crossovers and best practices adoption across the value chain are encouraged by OEMs and Tier I suppliers. Solutions presented at CES 2016 and Mobile World Congress focused on OTA, connectivity, security, and IoT. At CES 2016, the Irdeto team demonstrated the benefits of enhanced security. Visitors to the Irdeto Suite at Wynn experienced hacking through simulation/gamification to understand first-hand what it is like to be attacked by hackers. Irdeto’s in-depth security solution uses enhanced security to fight professional hackers. Indeed, Irdeto is an innovator in the digital security industry with several patents in white-box cryptography, and its Cloakware for Automotive, in



particular, protects vehicles against attackers who have gained unauthorized access by employing operating system (OS) integrity, application integrity, data protection schemes, anti-debug technology, and anti-reverse engineering methods.

Irdeto’s white-box cryptography protects digital media assets in robust ways and has evolved in response to up-to-the-minute attacks. Conventional cryptographic algorithms, used to protect software keys and data, are ineffective when operating in white-box environments where a hacker has full visibility and control over the executing code. Considering the breadth of recent connected car attacks, Irdeto’s patented technology offers many advantages over other cryptography alternatives. The Cloakware for Automotive solution has the unique capability of not revealing keys or data while the cryptographic computations are being observed in complete detail. This unique approach will help OEMs and Tier I suppliers to ensure consumers that their sensitive data remains secure.

Irdeto’s solution is designed for simple integration into current products within an automobile wherein security at each layer of the platform is considered to address a wide range of attacks. The other key aspect of Irdeto’s connected car solution includes on-going intrusion detection, quality, security telemetric data, and on-going verification of OS and application via integrity checks. Considering responses and policy updates, Irdeto’s Cloakware helps OEMs by providing actionable forensic data that offers on-device responses. Irdeto also provides dynamic policy updates that allow measured responses to detected incidents.Connected car security will rely heavily on ecosystem security. Irdeto solutions are implemented across extended value chain participants and global companies including Comcast, Liberty Global, China Mobile, and Fox.To sum up, Irdeto’s Cloakware for Automotive is an integrated solution that provides automatic protection for all applications installed in the connected car environment. This allows for ease of integration wherein applications will not require any special modification in order to be secure in the protected environment. Irdeto’s Cloakware solution provides the ability to instantly detect the attempted execution of either an unauthorized application or a tampered application on a protected system—integrity verification. This ability, combined with a telemetry service that can notify an OEM of the type of tampering that is being attempted in a specific vehicle, positions Irdeto’s Cloakware for Automotive as a unique solution in the automotive market.

Positioning

Irdeto is well positioned to track and expose the highly complex cybercriminal networks through its matured solution. Irdeto has established a global network of partners including law enforcement, industry bodies and agencies, as well as consumer and technology partners. For instance, Irdeto partnered with Movimento in 2016 to provide in-vehicle and OTA security for OEMs and Tier I suppliers. Irdeto and Movimento will leverage their individual expertise to help OEMs and Tier I suppliers in securing sensitive data wherein OTA software updates within connected cars are protected against tampering and other intrusion-type techniques, such as reverse engineering. This solution will provide peace of



mind to OEMs and consumers in addition to detecting and reporting intrusions while delivering and deploying security patches without impacting vehicle operations.

Irdeto's technology has proven successful on a large scale in the media industry, and for the last couple of years, the company has aimed to introduce its technology and best practices into the auto industry. From a security standpoint, Irdeto will identify best-of-breed products and incorporate them into cars. Irdeto's Cloakware has the benefit of being customized as a standard platform for OEMs and Tier I suppliers. Customers/drivers want to know that as they embrace the software-defined car they will be protected and secure. Security and data privacy form the key issue and they expect their data to continually remain safe. OEMs, moreover, want to know that they are protected against threats, and the OTA capabilities of the technology platform pioneered by Movimento and Irdeto make that level of security possible. Considering future connected car use cases, Irdeto has solid plans to build an ecosystem of unparalleled solutions that will further realize a compelling software-defined car. Irdeto is well positioned in the naïve automotive cybersecurity market. In fact, Irdeto's full integration with Movimento was showcased at CES 2016 in cars with this combined technology that will be implemented across a few models this year and in consumer cars in 2018.

Price / Performance Value

Irdeto’s core technology has 20 years of innovation and refinement behind it—the integrity verification solution is their proven anti-hacking technology. Movimento's OTA solutions offer advanced features for secure OTA updates. Industry leaders such as Bosch, Continental, Denso, GM, Jaguar Land Rover, Panasonic, Shanghai GM, and Volvo depend on Movimento technology and expertise for secure updates throughout the vehicle production lifecycle. Irdeto's technology will be added as a deeper layer of security on Tier 2,Tier 1 and OEM solutions-Humax Automotive partners with Irdeto to secure their infotainment units.Considering Irdeto's experience in the digital industry, once hackers perceive monetary benefits they will heavily focus on unleashing the product, let it be cars or home devices. The combined solution has, therefore, in-vehicle security technologies and OTA software updating capabilities. Movimento's advanced OTA capabilities are combined with Irdeto’s cybersecurity technology and updates directly to any automobile on the road, giving them an enhanced layer of security.

When hackers try to infiltrate a car’s systems, probing for its weaknesses, the information is sent to the cloud. The OTA security procedures created by Movimento and Irdeto allow OEMs to instantly analyze the threat and respond to it, whether hackers are attacking the ECU, telematics unit, or infotainment system. Irdeto has setup Security Operations Center(SoC) for a North American OEM. Irdeto believes in a dynamic, enhanced security system that will prevent cars and connected devices against intelligent counter-actors. Irdeto extends its global reach by working closely with Tier 1 and Tier 2 suppliers across North America, Japan, China and Germany-secure Environment and software protection on Infotainment units and ECUs for a major Tier 1 supplier from Japan. Irdeto provides



Security Services to a Tier 1 company from China- analyze threat models and architecture of infotainment units.

Cloakware for Automotive helps OEMs reduce the actual direct costs of a recall, including loss of OEM loyalty, avoid substantial monetary penalty, and prevent safety issues due to malicious software. All of these incidents could occur in a single attack thereby reducing the brand image of OEMs. The cost of just one of these actions, in fact, would far exceed the price of protection, detection, and response from Irdeto. OEMs started realizing that the price to protect against a compromise is far less than the cost of being compromised. GM, Toyota, BMW, and Volkswagen are focusing on various cybersecurity initiatives to mitigate connected car security threats. Moreover, Irdeto provides flexible business model options, so OEMs can pay for a complete solution up front, pay for development of a solution and then pay a recurring fee over the lifecycle of the solution, or pay only a recurring fee.

Brand Equity and Customer Purchase Experience

Digital industry customers trust Irdeto’s security pedigree and consider Irdeto their security partner. Irdeto is a pioneer in providing multi-media protection products and services and enjoys a proven track record in the media industry with Media Broadcast and Hollywood Studios Fox, SKY, and Time Warner Cable among its customers. As automotive OEMs and Tier I suppliers focus on mobility, IoT, and connected devices, Irdeto expects its media and digital industry expertise to create a positive view of its brand. Furthermore, Irdeto can easily leverage its partners, in-house security experts, and knowledge gained through various engagements to provide solutions geared towards the needs of the automotive industry. Irdeto optimizes the level of protection provided based on the unique scalability, real-time and resource needs, and constraints of the automobile system or subsystem. Irdeto’s technological insight and ability to understand the hacker mentality also contribute to high scores in customer satisfaction.

Conclusion

Data privacy, safety, and cyber security together have become the hot topic in the automotive industry, and IT spending by OEMs and Tier I suppliers to gain software capabilities clings towards a growth curve. The Irdeto solution is a multi-layered, multi-faceted approach designed to reduce detected vulnerabilities. Obfuscation, integrity verification, anti-debug, white-box cryptography, diversification, and renewability are the key building blocks for Cloakware for Automotive as Irdeto's connected car security offering that will prove invaluable to the digital transformation of the automotive industry.

Because of its digital security expertise and strong overall security capabilities, Irdeto has earned Frost & Sullivan’s 2016 New Product Innovation Award.



Significance of New Product Innovation Ultimately, growth in any organization depends upon continually introducing new products to the market, and successfully commercializing those products. For these dual goals to occur, a company must be best-in-class in three key areas: understanding demand, nurturing the brand, and differentiating from the competition.

Understanding New Product Innovation Innovation is about finding a productive outlet for creativity—for consistently translating ideas into high quality products that have a profound impact on the customer.



Key Benchmarking Criteria

For the New Product Innovation Award, Frost & Sullivan analysts independently evaluated two key factors— New Product Attributes and Customer Impact—according to the criteria identified below.

New Product Attributes Criterion 1: Match to Needs Criterion 2: Reliability Criterion 3: Quality Criterion 4: Positioning Criterion 5: Design

Customer Impact Criterion 1: Price/Performance Value Criterion 2: Customer Purchase Experience Criterion 3: Customer Ownership Experience Criterion 4: Customer Service Experience

Criterion 5: Brand Equity

Best Practice Award Analysis for Irdeto Decision Support Scorecard To support its evaluation of best practices across multiple business performance categories, Frost & Sullivan employs a customized Decision Support Scorecard. This tool allows our research and consulting teams to objectively analyze performance, according to the key benchmarking criteria listed in the previous section, and to assign ratings on that basis. The tool follows a 10-point scale that allows for nuances in performance evaluation; ratings guidelines are illustrated below.

RATINGS GUIDELINES

The Decision Support Scorecard is organized by New Product Attributes and Customer Impact (i.e., the overarching categories for all 10 benchmarking criteria; the definitions for each criteria are provided beneath the scorecard). The research team confirms the veracity of this weighted scorecard through sensitivity analysis, which confirms that small changes to the ratings for a specific criterion do not lead to a significant change in the overall relative rankings of the companies.



The results of this analysis are shown below. To remain unbiased and to protect the interests of all organizations reviewed, Frost & Sullivan has chosen to refer to the other key players as Competitor 2 and Competitor 3.

DECISION SUPPORT SCORECARD: NEW PRODUCT INNOVATION AWARD

Measurement of 1–10 (1 = poor; 10 = excellent)

New Product Innovation New Product Attributes

Customer Impact

Average Rating

Irdeto 9.7 8.5 9.1

Competitor 1 9 7.3 8.2

Competitor 2 8.2 6.3 8.1

New Product Attributes Criterion 1: Match to Needs Requirement: Customer needs directly influence and inspire the product’s design and positioning

Criterion 2: Reliability Requirement: The product consistently meets or exceeds customer expectations for consistent performance during its entire life cycle

Criterion 3: Quality Requirement: Product offers best-in-class quality, with a full complement of features and functionality

Criterion 4: Positioning Requirement: The product serves a unique, unmet need that competitors cannot easily replicate

Criterion 5: Design Requirement: The product features an innovative design, enhancing both visual appeal and ease of use

Customer Impact Criterion 1: Price/Performance Value Requirement: Products or services offer the best value for the price, compared to similar offerings in the market

Criterion 2: Customer Purchase Experience Requirement: Customers feel like they are buying the most optimal solution that addresses both their unique needs and their unique constraints

Criterion 3: Customer Ownership Experience Requirement: Customers are proud to own the company’s product or service, and have a positive experience throughout the life of the product or service



Criterion 4: Customer Service Experience Requirement: Customer service is accessible, fast, stress-free, and of high quality

Criterion 5: Brand Equity Requirement: Customers have a positive view of the brand and exhibit high brand loyalty

Decision Support Matrix Once all companies have been evaluated according to the Decision Support Scorecard, analysts can then position the candidates on the matrix shown below, enabling them to visualize which companies are truly breakthrough and which ones are not yet operating at best-in-class levels.

DECISION SUPPORT MATRIX: NEW PRODUCT INNOVATION AWARD

High

Low

Low High

Cu

stom

er I

mp

act

New Product Attributes

Irdeto

Competitor 1

Competitor 2



The Intersection between 360-Degree Research and Best Practices Awards

Research Methodology Frost & Sullivan’s 360-degree research methodology represents the analytical rigor of our research process. It offers a 360- degree-view of industry challenges, trends, and issues by integrating all 7 of Frost & Sullivan's research methodologies. Too often, companies make important growth decisions based on a narrow understanding of their environment, leading to errors of both omission and commission. Successful growth strategies are founded on a thorough understanding of market, technical, economic, financial, customer, best practices, and demographic analyses. The integration of these research disciplines into the 360-degree research methodology provides an evaluation platform for benchmarking industry players and for identifying those performing at best-in-class levels.

360-DEGREE RESEARCH: SEEING ORDER IN THE CHAOS



About Frost & Sullivan Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth and achieve best in class positions in growth, innovation and leadership. The company's Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined research and best practice models to drive the generation, evaluation and implementation of powerful growth strategies. Frost & Sullivan leverages almost 50 years of experience in partnering with Global 1000 companies, emerging businesses and the investment community from 31 offices on six continents. To join our Growth Partnership, please visit http://www.frost.com.

http://www.frost.com/

2016 european anti-hacking technology for connected cars new … · 2016-06-06 · experienced...

Documents